package main

import (
	"github.com/labstack/echo/v4"
	"github.com/labstack/echo/v4/middleware"
)

// Secure 中间件用于阻止跨站脚本攻击(XSS)，内容嗅探，点击劫持，不安全链接等其他代码注入攻击。
func main() {
	e := echo.New()
	e.Use(middleware.Logger())
	e.Use(middleware.RequestID())
	//e.Use(middleware.Secure())

	e.Use(middleware.SecureWithConfig(CustomSecureConfig()))
	e.GET("/index", Index)
	e.Start(":80")

}
func Index(c echo.Context) error {
	requestId := c.Response().Header().Get(echo.HeaderXRequestID)
	return c.String(200, requestId)
}

func CustomSecureConfig() middleware.SecureConfig {
	return middleware.SecureConfig{
		XSSProtection:         "",
		ContentTypeNosniff:    "",
		XFrameOptions:         "",
		HSTSMaxAge:            3600,
		ContentSecurityPolicy: "default-src 'self'",
	}
}
